PERSONAL DATA PROTECTION POLICY REGARDING THE PROPERTY REGISTER
INTRODUCTION
The Registry Agency is an executive agency under the Minister of Justice. It is a legal entity with headquarters in Sofia and with registry offices in the seats of district courts. The Registry Agency was established on 31 July 2004 with the adoption of §27 of the Law for Amendment and Supplement of the Cadastre and Property Register Act (prom. SG No. 36 of 30 April 2004) and the Rules of Procedure of the Agency (SG No. 63 of 20 July 2004, in force as of 31 July 2004).
The Property Register is a system of data on real property on the territory of the Republic of Bulgaria and consists of the accounts of individual properties. Acts by which the right of ownership or other real right over real property is recognized, transferred, amended or terminated are entered in it. The Property Register includes foreclosures and mortgages on real property. The Registry Agency organizes the work on the establishment and maintenance of the Property Register. The Agency provides the liaison between the Property Register and other registers, ensures the development and technical improvement of the Property Register. In the performance of its functions for keeping the Property Register, the Agency creates and maintains a central archive in electronic form of real estate accounts and entered acts with documents attached thereto. Registrations, notes and deletions are made in the registry offices in the court district of the respective district court by an order of the registry judge in respect of properties. In the registry offices in the court district of the respective district court, entries, notes and deletions are made by order of the registry judge, information is prepared and transmitted to the Registry Agency, inquiries are made and certificates of entries are issued, with activities related to the creation of the Property Register being performed.
The Registry Agency performs its functions of keeping and maintaining the national electronic registers, the Property Register in particular, under strict normative regulation of the activities for creation, maintenance and keeping of the electronic registers. In fulfillment of these functions and tasks assigned to it by the relevant normative acts such as the Cadastre and Property Register Act, Ordinance No. 2 of 21.04.2005 on the Keeping and Storage of the Property Register, the Rules for Entry, etc., the Registry Agency processes personal data of natural persons that, in its capacity as controller in fulfillment of a legal obligation applicable to data controllers or in exercise of official powers, it collects, processes, stores or shares in accordance with the requirements and in compliance with the principles and provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as GDPR, the Personal Data Protection Act (amended and supplemented, SG No. 17 of 26.02.2019), as well as other normative acts related to the protection of personal data of natural persons.
INFORMATION ABOUT THE DATA CONTROLLER
The Registry Agency is an executive agency under the Minister of Justice. Secondary authorizing officer with headquarters in 1111 Sofia city, Sofia Municipality, Slatina Region, 20 Elisaveta Bagryana St. The Agency is managed and represented by an Executive Director.
In its capacity of controller within the meaning of Art. 4, item 7 of the GDPR, the Registry Agency applies the relevant technical and organizational measures to ensure the lawful processing of personal data of natural persons, in compliance with the principles and requirements of the legislation on processing and protection of personal data of data subjects - applicants, natural persons.
DEFINITIONS
For the purposes of this policy:
‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
‘filing system’ means any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis;
‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
‘recipient’ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
‘third party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
‘personal data breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
SUBJECT
Art. 1. This Policy aims to present in a clear and accessible way information on the activities related to the keeping and maintenance of the Property Register, as well as in connection with the making of entries in the Register where personal data of natural persons are processed.
- the identity and the contact details of the controller and, where applicable, of the controller’s representative;
- the contact details of the data protection officer, where applicable;
- the purposes of the processing for which the personal data are intended as well as the legal basis for the processing;
- where the processing is based on point (f) of Article 6(1), the legitimate interests pursued by the controller or by a third party;
- the recipients or categories of recipients of the personal data, if any;
- where applicable, the fact that the controller intends to transfer personal data to a third country or international organisation;
- the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period;
- the existence of the right to request from the controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability;
- where the processing is based on consent, the existence of the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;
- the right to lodge a complaint with a supervisory authority;
- whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether the data subject is obliged to provide the personal data and of the possible consequences of failure to provide such data;
- the existence of automated decision-making, including profiling, resp. meaningful information about the logic involved, as well as the significance and the envisaged consequences in case the data controller performs such processing.
Art. 2. This Personal Data Protection Policy regarding the Property Register applies to all personal data processing activities and operations performed by the controller, as well as to all services offered by the Agency, regardless of the legal basis for the processing of personal data of natural persons, as well as to the activities for processing personal data in connection with the fulfillment of the obligations and functions for entries, keeping and maintenance of the Property Register.
Art. 3. With this Personal Data Protection Policy, the Registry Agency declares that in carrying out the activities of personal data processing of natural persons, it applies the relevant technical and organizational measures ensuring an appropriate level of data protection in compliance with the following principles:
- personal data are processed lawfully, in good faith and in a transparent manner with regard to the data subject (“lawfulness, good faith and transparency”);
- personal data are collected for specific, explicit and legitimate purposes and not further processed in a way incompatible with those purposes; further processing for archiving purposes in the public interest, for scientific or historical research or for statistical purposes, shall not be considered incompatible with the original purposes (“limitation of purposes”);
- personal data are appropriate, related to and limited to what is necessary in relation to the purposes for which they are processed (“data minimization”);
- personal data are accurate and, where necessary, kept up to date; all reasonable measures must be taken to ensure the timely deletion or correction of inaccurate personal data, taking into account the purposes for which they are processed (“accuracy”);
- personal data are stored in a form which permits identification of the data subject for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods in so far as they are processed solely for archiving purposes in the public interest, for scientific or historical research or for statistical purposes, provided that the appropriate technical and organizational measures provided for in this regulation in order to guarantee the rights and freedoms of the data subject (“storage restriction”) are applied;
- personal data are processed in a way that ensures an appropriate level of security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, applying appropriate technical or organizational measures (“entirety and confidentiality”).
Art. 4. With this Personal Data Protection Policy, the controller declares that it applies appropriate technical and organizational measures to ensure lawful processing of personal data of natural persons and that it is able to prove lawful processing of data in accordance with the principle of accountability.
Art. 5. The Registry Agency collects and processes personal data of natural persons in connection with:
5.1. Entry, announcement, deletion of acts (other than a notarial act) - according to an application form by the parties to the act, notary public or other natural person with an interest in the entry.
5.2. Issuance of a certificate for entry, note, deletion
5.2.1. Certificate foe a person - a certificate for a person shows only the entries, notes and deletions made in the name of one or several specific persons.
5.2.2. Certificate for a property - the certificate which is issued for a certain property indicates the entries, notes and deletions for encumbrances and rights, or it is certified that there are none.
5.2.3. Certificate for a person for a certain period - the certificate shows only the entries, notes and deletions made in the name of one or several certain persons for a certain period.
5.2.4. Certificate for a property for a certain period from the Property Register - a certificate for a property for a certain period reflects only the entries, notes and deletions that are made for a certain period of time indicated by the person at whose request the certificate is issued, or it is certified that there are none.
5.3. Issuance of a transcript or extract from the existing entries, notes or deletions in the books, or from the account of the persons - A transcript is a certified or uncertified copy of the acts kept by the respective Registry Office. Uncertified transcripts may be required by anyone. Certified transcripts are issued only to the parties to the act, to their legal successors or representatives by law or by authorization.
5.4. Electronic reports
5.2. Free SMS notification - the information service is an opportunity to receive notification short text messages (SMS) for entries, notes and deletions in the books for entry, refusals and rulings of the district court delivered for them, issuance of a certified transcript and refusal to issue a certified transcript and correction of a record in the information system.
5.3. Paid SMS notification - the information service is an opportunity to receive notification short text messages (SMS) for entries, notes and deletions in the books for entry, refusals and rulings of the district court delivered for them, issuance of a certified transcript and refusal to issue a certified transcript and correction of a record in the information system.
5.4. Reimbursement of overpaid or incorrectly paid state fees to the account of the Registry Agency.
5.5. Automated notification from the Property Register to the specified e-mail - the information service is an opportunity to receive notification short text messages for entries, notes and deletions in the books for entry, refusals and rulings of the district court delivered for them, issuance of a certified transcript and refusal to issue a certified transcript and correction of a record in the information system for a natural person / legal entity with UIC / foreign person with a FIN at a specified e-mail.
5.6. The automated service for submission of information from the Property Register - the automated service is developed as a one-way connection for periodic generation of an array of data and/or online access to data for a specific act. The service is provided only in the form of an automated interface for connection between the system of the Property Register with the system of an interested public institution which has received the right of access.
CATEGORIES OF PERSONAL DATA PROCESSED BY THE CONTROLLER
Art. 6. As a data controller, the Registry Agency collects and processes the following categories of personal data:
(1) in connection with the performance of the functions and performance of the tasks for creation, maintenance and keeping of the Property Register, in fulfillment of the legal obligations related to activities for entry in the Property Register, the Registry Agency processes the following categories of personal data:
- physical identity data – names, PIN/FIN, date and place of birth, signature, address of natural persons who are owners
- economic identity data - ownership right, resp. limited real rights over real property:
(2) in connection with providing services such as inquiries, provision of certificates, certified transcripts, etc. regarding entered circumstances and announced acts, in fulfillment of normatively regulated obligations in view of the public nature of the Property Register and of the information constituting the database of the register, the Agency processes:
- physical identity data – names, PIN/FIN, date and place of birth, data from identity document, signature, address, telephone, e-mail for contact of natural persons applying for services in connection with the identification of applicants, as well as in connection with the authentication of natural persons using registered access to the database of the respective electronic registers.
(3) in connection with providing other services such as free or paid notification by SMS, etc.:
- physical identity data – names, PIN/FIN, date and place of birth, signature, address, telephone, e-mail for contact of natural persons applying for the respective service.
(4) in connection with the operation of devices, websites and applications through which the Registry Agency provides services:
- technical data – IP addresses, MAC addresses, device name, browsing history;
- “cookies” (detailed information about cookies can be found in the relevant section)
CATEGORIES OF SUBJECTS WHOSE DATA ARE PROCESSED BY THE CONTROLLER
Art. 7. As a data controller, the Registry Agency processes personal data of the following categories of subjects:
(1) Natural persons whose personal data are contained in acts subject to announcement.
(2) Natural persons performing entry pursuant to Art. 76, para. 1 of the Cadastre and Property Register Act: the interested person or their representative and a notary public in cases provided by law.
(3) Natural persons making inquiries.
(4) Natural persons users of the free SMS notification and paid SMS notification services.
(5) Natural persons using registered access to the Unified Portal for Electronic Application for Administrative Services.
PURPOSES
Art. 8. As a data controller, the Registry Agency collects, processes and stores, and, in cases of legal grounds, transmits personal data of natural persons in connection with:
(1) Entry, announcement, deletion of acts (other than notarial act) according to the provisions of the Cadastre and Property Register Act, Ordinance No. 2 of 21.04.2005 on the Keeping and Storage of the Property Register, the Rules for Entry.
(2) Issuance of a certificate for entry, note, deletion, including a certificate for a natural person and a certificate for property.
(3) Issuance of a transcript or extract from existing entries, notes or deletions in the books, or from the account of the person.
(4) Provision of the free SMS notification service.
(5) Provision of the paid SMS notification service.
(6) Reimbursement of overpaid or incorrectly paid state fees to the account of the Registry Agency.
(7) Verification of user profiles, authentication of users, improvement of the quality of the electronic services provided by the Registry Agency.
LEGAL GROUNDS FOR PERSONAL DATA PROCESSING
Art. 9. In connection with the fulfillment of the requirement for legality of the processing, the Registry Agency processes personal data of natural persons as follows:
(1) Entry, note and deletion of acts (other than a notarial act) - according to an application form - in fulfillment of a legal obligation applicable to the controller - Article 6(1)(c) of the GDPR in conjunction with Article 77, para. 1 of the Cadastre and Property Register Act.
(2) Certificate for a person - in fulfillment of a legal obligation applicable to the controller - Article 6(1)(c) of the GDPR in conjunction with Articles 45 and 46 of the Rules for Entry.
(3) Certificate for a property - in fulfillment of a legal obligation applicable to the controller - Article 6(1)(c) of the GDPR in conjunction with Articles 45 and 47 of the Rules for Entry.
(4) Certificate for a period of time - in fulfillment of a legal obligation applicable to the controller - Article 6(1)(c) of the GDPR in conjunction with Articles 45 and 48 in conjunction with Articles 46 and 47 of the Rules for Entry.
(5) Issuance of a transcript or extract from existing entries, notes or deletions on the books, or from the account of the persons - in fulfillment of a legal obligation applicable to the controller - Article 6(1)(c) of the GDPR in conjunction with Article 51 of the Rules for Entry in conjunction with Article 93 of the Cadastre and Property Register Act.
(6) Making electronic inquiries - in the exercise of official authority vested in the controller - Article 6(1)(d) of the GDPR in conjunction with Articles 92, 93 of the Cadastre and Property Register Act, Chapter VII Publicity of the Books for Entry in the Rules for Entry.
(7) Provision of the free SMS notification and the paid SMS notification services - Article 6(1)(d) of the GDPR - based on the consent of the subject - user of the service.
(8) Provision of the service for automated notification from the Property Register to the specified e-mail - Article 6(1)(a) of the GDPR - based on the consent of the subject - user of the service.
(9) Reimbursement of overpaid or incorrectly paid state fees to the account of the Registry Agency in the exercise of official authority vested in the controller - Article 6(1)(d) of the GDPR.
Art. 10. (1) In cases where the processing of personal data is based on the consent of the data subjects, the same is a freely expressed, informed, specific and unambiguous indication of the will of the data subject in relation to a specifically indicated purpose.
(2) The data subject has the right to withdraw his or her consent at any time, as the withdrawal of the consent does affect the legality of the processing based on a given consent before its withdrawal. Depending on the way of providing the service, the consent can be given during the visit of the natural person in the controller’s premises in connection with an application for use of the respective service or electronically.
Art. 11. The Registry Agency does not process personal data that are provided by a data subject without having a legal basis under Art. 6 of the GDPR or in contradiction with the principles under Art. 5 of the same Regulation. Within one month of learning, the controller returns the personal data, and if this is impossible or requires a disproportionate effort – deletes or destroys them.
Art. 12. The Registry Agency does not process personal data of children, except in cases when such processing is in compliance with a legal obligation to which the controller is subject
Art. 13. In its capacity of a data controller providing services electronically, the Registry Agency takes appropriate technical and organizational measures that do not allow the personal identification number or foreigner’s identification number to be the only means of identification or authentication of the user when providing remote access to the respective service.
MANNER OF PERSONAL DATA PROCESSING, PROVISION OF PERSONAL DATA TO THIRD PERSONS, PERIODS FOR STORAGE OF PERSONAL DATA
Art. 14. In connection with the performance of its functions and tasks, the provision of services, the Registry Agency collects and processes personal data as follows:
- by filling in an application electronically in connection with entry, deletion or announcement in the electronic registers kept by the Agency;
- by filling in an application electronically for providing an inquiry, certificate, transcript;
- by filling in data electronically in connection with the identification/authentication of users of services provided by the Agency who use services with registered access to the databases of the Property Register;
- by filling in an application electronically for the provision of services;
- by processing data for IP address, MAC address and cookies.
Art. 15. With this Personal Data Protection Policy, the Registry Agency, in its capacity of data controller, declares that it does not provide personal data of natural persons without their explicit consent to third persons/parties, except when necessary to fulfill a legal obligation to which the controller is subject or in the event that there is a legal basis for the provision of such data.
Art. 16. The Registry Agency may provide information representing personal data to law enforcement agencies and institutions in response to lawful requests.
Art. 17. In order to fulfill legal requirements, assumed obligations under contractual and/or pre-contractual relations with natural persons, the Registry Agency may provide personal data to the following categories of persons:
- other data controllers in the presence of a legal obligation to do so.
- data processors who process personal data on behalf of the controller, in compliance with the requirements of the GDPR on data processors, only in pursuance of a written order by the data controller.
Art. 18. The transfer of personal data of natural persons to natural and legal persons established in countries and international organizations outside the EU and the EEA is carried out in compliance with the requirements provided for in Regulation (EU) 2016/679, namely: where for the respective country or international organization, the existence of an adequate level of protection has been established by a decision of the EC; in the presence of an alternative legal mechanism to ensure compliance with the requirements of Regulation (EU) 2016/679; in the presence of other grounds (derogations) provided for in Regulation (EU) 2016/679, such as the explicit consent of the data subject.
Art. 19. (1) Depending on the purposes for which personal data under Art. 6 of this Policy are processed, the period of storage of personal data varies.
(2) In case data are processed on the basis of consent of the data subject, they are stored for a period relevant to the purposes for which they have been collected and processed, resp. in connection with the specific service provided to the natural person.
RIGHTS OF NATURAL PERSONS - DATA SUBJECTS
Art. 20. Every natural person who is a data subject has the right:
- to obtain confirmation from the controller whether personal data relating to him or her are being processed and, if so, to obtain access to the data and the following information on the purposes of the processing, the relevant categories of personal data, the recipients or the categories of recipients before whom personal data have been or will be disclosed, in particular recipients in third countries or international organizations. Where possible, the envisaged period for which personal data will be stored and, if this is not possible – the criteria used to determine this period, as well as the existence of the right to require the controller to correct or delete personal data or restrict processing of personal data relating to the data subject, or to object to such processing, the right to appeal to a supervisory authority. In cases where personal data are not collected from the data subject, any available information on their source, as well as information on the existence of automated decision-making, including profiling, as well as essential information on the logic used and the meaning and intended consequences of this processing for the data subject.
- to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed.
- to obtain from the controller the erasure of personal data concerning him or her where one of the following grounds applies:
(a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
(b) the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2) of the GDPR, and where there is no other legal ground for the processing;
(c) the data subject objects to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) of the GDPR;
(d) the personal data have been unlawfully processed;
(e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
(f) the personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR;
In cases where the processing of personal data is in connection with the observance of a legal obligation to which the controller is subject, for the performance of a task of public interest and in the exercise of official authority vested in the controller, the data subject may not invoke the right to delete personal data relating to him or her.
- to obtain from the controller restriction of processing where the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data; where the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead; in cases where the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims; as well as in cases where the data subject has objected to processing pending the verification whether the legitimate grounds of the controller override those of the data subject.
- to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided
- to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1) of the GDPR, including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
- not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
Art. 21. In cases where the natural person’s right of access to personal data relating to him or her may lead to the disclosure of personal data to third parties, the Registry Agency grants the natural person concerned access only to that part of the information which relates to him or her.
Art. 22. The Registry Agency may refuse to fully or partially exercise the rights of data subjects, as well as not to fulfill its obligation to inform according to Art. 34 of the GDOR, when the exercise of the rights or the fulfillment of the obligation would create a risk for:
- national security;
- defence;
- public security;
- the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security;
- other important objectives of general public interest of the Union or of a Member State, in particular an important economic or financial interest of the Union or of a Member State, including monetary, budgetary and taxation a matters, public health and social security;
- the protection of judicial independence and judicial proceedings;
- the prevention, investigation, detection and prosecution of breaches of ethics for regulated professions;
- the protection of the data subject or the rights and freedoms of others;
- the enforcement of civil law claims.
Art. 23. (1) The Registry Agency provides the information in connection with requests for exercising any of the rights under Art. 20 of this Policy free of charge.
(2) In case of manifestly unfounded and excessive requests by data subjects, the controller may determine an administrative fee for providing the requested information, resp. exercise of a right.
Art. 24. With the present Personal Data Protection Policy, the Registry Agency declares that it undertakes and applies the respective technical and organizational measures in connection with the assistance of data subjects in the exercise of the rights under Art. 20 of the Policy.
Art. 25. (1) The Registry Agency provides to data subjects information regarding the actions which it undertakes in connection with a request for exercise of rights within one month from the receipt of the request.
(2) If necessary, this period may be extended by another two months, taking into account the complexity and the number of requests.
(3) The controller informs the data subject of any such extension within one month from the receipt of the request, indicating also the reasons for the delay.
(4) When a data subject submits a request by electronic means, the information is provided by electronic means, if possible, unless the data subject has requested otherwise.
Art. 26. (1) Data subjects exercise their rights under Art. 21 of this Policy through a written application to the data controller.
(2) An application may also be submitted electronically under the conditions of the Electronic Document and Electronic Certification Services Act, the Electronic Government Act and the Electronic Identification Act.
Art. 27. An application containing a request for the exercise of a right should contain:
- name, address, personal identification number or foreigner’s identification number or other similar identifier, or other identification data of the natural person, as determined by the controller in connection with the activity performed by it;
- description of the request;
- preferred form for receiving information when exercising the rights under Art. 25 of this Policy;
- signature, date of submission of the application and mailing address.
- upon submission of an application by an authorized person, the power of attorney is attached to the application as well.
Art. 28. The rights referred to above are exercised by submitting a written application to the Registry Agency at the following address: 1111 Sofia city, Sofia Municipality, Slatina Region, 20 Elisaveta Bagryana St. or at the official e-mail address of the Agency office@registryagency.bg, in compliance with the conditions of the Electronic Document and Electronic Certification Services Act, the Electronic Government Act and the Electronic Identification Act.
Art. 29. Contact details of the data protection officer gdpr@registryagency.bg
Art. 30. (1) In case of a violation, natural persons also have the right to send inquiries and complaints to the supervisory body – the Commission for Personal Data Protection (CPDP).
(2) Contact details of the CPDP: 1592 Sofia city, 2 Prof. Tsvetan Lazarov Blvd., e-mail: kzld@cpdp.bg, website: www.cpdp.bg
NOTIFICATION OF CHANGES TO THIS PERSONAL DATA PROTECTION POLICY
Art. 32. The Registry Agency reserves the right to make changes and additions to this Policy. When making changes to the Policy, they will be timely reflected in it and made available to data subjects in the Personal Data Protection section of the Unified Portal for Application for Electronic Administrative Services.